weixin_39552538
weixin_39552538
2020-12-09 05:23

Add support for OpenCensus Agent as a destination for Knative metrics.

/assign

I tested this with exporting to stackdriver using the following config:

yaml
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    serving.knative.dev/release: devel
  name: opencensus-agent-config
  namespace: knative-monitoring
data:
  opencensus-agent-config: |
    receivers:
      opencensus:
        address: ":55678"
    #   jaeger: {}
    #   zipkin: {}
    exporters:
      stackdriver:
        project: "kubecon-knative-2019"  # Optional, defaults to node project
        metric_prefix: "testing"
        enable_metrics: true
        enable_tracing: true
      prometheus:
        namespace: "namespace"
        address: ":8888"
---
apiVersion: v1
kind: Secret
metadata:
  name: stackdriver-key
  namespace: knative-monitoring
type: Opaque
data:
  credentials.json: <<<base64 json>>>
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  labels:
    serving.knative.dev/release: devel
  name: opencensus-agent
  namespace: knative-monitoring
spec:
  selector:
    matchLabels:
      component: opencensus-agent
  template:
    metadata:
      labels:
        component: opencensus-agent
        serving.knative.dev/release: devel
    spec:
      containers:
      - command:
        - /ocagent_linux
        - --config=/conf/opencensus-agent-config.yaml
        env:
        - name: GOOGLE_APPLICATION_CREDENTIALS
          value: /secrets/credentials.json
        image: omnition/opencensus-agent:0.1.6
        name: opencensus-agent
        ports:
        - containerPort: 55678
          name: collect
          protocol: TCP
        - containerPort: 55679
          name: zpages
          protocol: TCP
        - containerPort: 8888
          name: prometheus
          protocol: TCP
        resources:
          limits:
            cpu: 500m
            memory: 500Mi
          requests:
            cpu: 100m
            memory: 100Mi
        volumeMounts:
        - mountPath: /conf
          name: opencensus-agent-config-vol
        - mountPath: /secrets
          name: stackdriver-key
      volumes:
      - configMap:
          items:
          - key: opencensus-agent-config
            path: opencensus-agent-config.yaml
          name: opencensus-agent-config
        name: opencensus-agent-config-vol
      - name: stackdriver-key
        secret:
          defaultMode: 420
          secretName: stackdriver-key
---
apiVersion: v1
kind: Service
metadata:
  labels:
    serving.knative.dev/release: devel
  name: opencensus
  namespace: knative-monitoring
spec:
  ports:
  - name: opencensus
    port: 55678
    protocol: TCP
    targetPort: 55678
  selector:
    component: opencensus-agent
  type: ClusterIP
</base64>

I had a little trouble tracking down how to find the exported metrics in Stackdriver, but I was able to trace the traffic off my machine... 😜

该提问来源于开源项目:knative/pkg

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

6条回答

  • weixin_39702335 weixin_39702335 5月前

    [APPROVALNOTIFIER] This PR is APPROVED

    This pull-request has been approved by: evankanderson

    The full list of commands accepted by this bot can be found here.

    The pull request process is described here

    Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/knative/pkg/blob/master/OWNERS)~~ [evankanderson] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
    点赞 评论 复制链接分享
  • weixin_39552538 weixin_39552538 5月前

    I'm working on adding support for a TLS secret for metrics export. Any thoughts on the format for that?

    点赞 评论 复制链接分享
  • weixin_39552538 weixin_39552538 5月前

    Adding TLS from a secret requires some larger surgery (the ability to supply a SecretLister to pkg/metrics.

    I'd like to do that in a subsequent PR to keep this from snowballing too much.

    I think we do need to support mutual TLS as an option, but I'll also point out that it is a feature creep over our current state, where either:

    1. Everyone on the node / running in a namespace can access the current push secret (i.e. via GCE metadata server for GKE).
    2. The data is sent unencrypted without any authentication anyway (via Prometheus).

    Mind if I do a fast-follow with secrets for OpenCensus?

    I don't expect any of this to be the default in the next release, but would like to give users the option to try this out if desired.

    点赞 评论 复制链接分享
  • weixin_39564187 weixin_39564187 5月前

    The following is the coverage report on the affected files. Say /test pull-knative-pkg-go-coverage to re-run this coverage report

    File | Old Coverage | New Coverage | Delta ---- |:------------:|:------------:|:-----: metrics/config.go | 93.5% | 94.0% | 0.5 metrics/exporter.go | 90.0% | 88.9% | -1.1 metrics/opencensus_exporter.go | Do not exist | 75.0% |

    点赞 评论 复制链接分享
  • weixin_39959569 weixin_39959569 5月前

    I do happen to have a PR out for adding a SecretLister/Watcher to pkg/metrics that could be repurposed :) https://github.com/knative/pkg/pull/925

    Merging this PR and doing fast-follows sounds good to me.

    I agree TLS is beyond what Knative currently has, but I imagine it will come in handy quickly as Knative adds more observability backends.

    点赞 评论 复制链接分享
  • weixin_39959569 weixin_39959569 5月前

    /lgtm

    点赞 评论 复制链接分享

相关推荐